Switch to immediate mode #1291
WIP for nmap#34.

This avoids false packet drops caused by libpcap buffering packets before returning them, making Nmap think that there is no response within its expected round trip timeout, leading to additional probes sent as retries. When the buffered packets then are returned, Nmap assumes that there were packet drops, due to getting responses "after" its retry probes, but not from the first probe (in reality, no packets were lost).

This is based on code seen in here: nmap#34 (comment)

It's just a quick patch to show the change. It doesn't implement error checking on pcap_activate, and doesn't check to see if pcap_set_immediate_mode is supported in the case of OS-provided libpcap.
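The timing effect described in the pull request above, as a small added model; it is not code from the PR, from Nmap or from libpcap. The function names, the flush-at-fixed-interval buffering model and every millisecond value are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified timing model, all times in ms. Constructed for illustration:
 * it is not Nmap's timing code and not libpcap's buffering code. */
struct outcome { int retries; int false_timeouts; };

/* Time at which a packet that reached the wire at wire_ms is handed to the
 * application. buffer_ms == 0 models immediate mode; otherwise packets are
 * held until the next buffer flush, at a multiple of buffer_ms. */
static int delivered_at(int wire_ms, int buffer_ms)
{
    if (buffer_ms <= 0)
        return wire_ms;
    return (wire_ms + buffer_ms - 1) / buffer_ms * buffer_ms;
}

/* Probe one host that answers after rtt_ms with no real packet loss.
 * A retry goes out each time timeout_ms passes with no reply delivered. */
struct outcome probe_host(int rtt_ms, int timeout_ms, int buffer_ms, int max_retries)
{
    struct outcome o = {0, 0};
    int first_seen = delivered_at(rtt_ms, buffer_ms);  /* reply to first probe */

    for (int k = 1; k <= max_retries && first_seen > k * timeout_ms; k++) {
        o.retries++;
        /* The reply was already captured but still sitting in the buffer:
         * the scanner sees a timeout that the network did not cause. */
        if (rtt_ms <= k * timeout_ms)
            o.false_timeouts++;
    }
    return o;
}

int main(void)
{
    /* Constructed values: 20 ms RTT, 100 ms probe timeout, up to 3 retries. */
    struct outcome buffered = probe_host(20, 100, 1000, 3);
    struct outcome immediate = probe_host(20, 100, 0, 3);

    printf("buffered : retries=%d false_timeouts=%d\n",
           buffered.retries, buffered.false_timeouts);
    printf("immediate: retries=%d false_timeouts=%d\n",
           immediate.retries, immediate.false_timeouts);
    return 0;
}
```

With a genuinely slow host (for example a 250 ms RTT against the 100 ms timeout) the immediate-mode case still retries, but none of those timeouts are attributed to buffering.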
I'm happy to see some activity on this. (By the way, is I wasn't sure if libpcap would always have the newly-used function calls (such as older versions, or versions on other platforms), so I wondered if some amount of Regarding error handling, I agree it will need to be split into (at least) two parts now, whereas the original code just had a
And from
What isn't clear to me is why the I would guess that it would be better if the The examples of error handling in this test program might be helpful, too.
Libpcap 1.0.0 was the first release with
Thanks Guy; now that it's nearly a decade later, I personally feel that it would be sane for
Ah, I just noticed @djcater's comment on the bug that points out that
So, on systems without
Thanks again for the detailed suggestions @guyharris. Just below these changes there is already a line for Windows which does:
For the other parts, hopefully someone else can help out and make those changes.
This is great! I'm going to work on merging this. I'm not concerned about the retry loop, since that was added back in Nmap 4.02ALPHA1 to work around "a rare bug on Windows in which the pcap_open_live() fails for unknown reasons." Since we now use Npcap and are responsible for maintaining it, we would much rather discover the root cause (if it still exists) and fix it there. Thanks everyone for your research and guidance on this issue!
Add some comments for open questions, to ensure they're thought about before accepting this change.
I.e., have an "introduced in" section in the libpcap man pages for particular functions (or in the pcap(3pcap) overall man page, or both)?
@guyharris it seems we're getting a little off-topic for this PR. ;-) But I think it would be nice-to-have in the individual function man pages, that way when I'm looking at the documentation for a specific call I want to use, I can be sure it will be available across all the platforms I want to support. (I see there also a I think this PR illustrates two challenges with cross-platform development with Finally, I just wanted to say that I appreciate the hard work (and public contributions) from everyone in this thread! I hope my comments are coming across as constructive feedback and not pedantic complaints. ;-)
I've committed the initial portion of this as 2 commits:
When I get back to this, I'll add the appropriate code workarounds for immediate mode for all platforms and credit the parties involved in the changelog.
Then the discussion should be moved by filing a libpcap issue.
Libpcap does abstract that particular platform-specific issue - enabling immediate mode - into The problem isn't that libpcap doesn't offer a way to request immediate mode, the problem is that libpcap didn't offer a way to request immediate mode before the 1.5.0 release, so any program or library that has to support older versions has to, if it's being built with a pre-1.5.0 release, duplicate what libpcap 1.5.0 does. Without a time machine, there's nothing we, the libpcap developers, can do to fix that. :-) BTW, if you do have
@guyharris, thanks for the clarification - I mistakenly interpreted your previous comment to mean that some versions of libpcap might not have a
There's "version" and there's "version". For "version" in the sense of "release", releases prior to 1.5.0 don't have it, and release 1.5.0 and later do have it. For "version" in the sense of "something built by somebody who's downloaded the source", if somebody wanted to make a version of a 1.5.0 or later release that didn't have